SmarTown™ independently researches information on cyber breaches and advances in cyber security technologies designed to protect critical infrastructure. Topics focus on solutions for securing utility, power grid, transportation, gas and oil applications. This blog features articles from cyber security expert Larry Karisny with reports from top security specialists around the world. To continue the quality of this unbiased and thoroughly researched information please donate and comment.
Could real-time eForensics be the Answer to Cybersecurity and Analytics?
by Larry Karisny
June Edition
eForensics may be more than a good name for a magazine. Understanding what digital forensics does in real time may be the holy grail of cybersecurity. The information technology security industry explains cybersecurity in terms of complex algorithms or virus detection systems that only a scientist or software developer can understand. In reality, cybersecurity is just the authenticated use of validated causal actions taking place in a predetermined process that is used to accomplish specific results.
Cybersecurity is achieved when these actions and processes are authenticated, viewed, analyzed, audited, activated or blocked in real time during data in motion. If we can do this we will be secure. We are not doing this today. With the ever increasing demand for security in an ever more digitally intelligent world, it may be time for a paradigm shift if we are to reach true cybersecurity. It may be time for real-time eForensics.
The scene of the crime
Most of us are familiar with forensics in the evaluation of a crime scene. A criminal incident occurred, and a team of forensic analysts comes in to gather information that might lead to solving the crime. eForensics today is no different. A hack has occurred, and a team of specialists sifts through mounds of data, software, hardware, processes and people to determine how the system processes were breached. What both forensic approaches have in common is that they review historical information, using tools and techniques that analyze these historical incidents. These historical forensic approaches can in time possibly solve the crime or cyber breach, but neither can stop the crime or the hacker in advance.
The current cybersecurity methodologies using passive process monitoring are proving to be the wrong place and the wrong time in attempts to achieve system cybersecurity and intelligence analysis. To accomplish information technology security and intelligence we need to focus on technologies that stop and analyze information technology processes in real time during data in motion. This is where a technology paradigm shift needs to occur in the cybersecurity industry, and real-time eForensics can accomplish this.
Can our current cybersecurity and analytic technologies keep up?
Increasing varieties of connected devices are being added daily to our already complex intelligent world. Unfortunately, these intelligent technologies are being released by the millions at the cost of increasing cybersecurity threats, while using complicated digital intelligence analysis techniques that are neither effective nor able to keep up with the amount of data input these devices and software produce. Cybersecurity experts are beginning to realize that current passive process monitoring, using historical data aggregation and database analytics techniques, is no longer an efficient or effective methodology for cybersecurity and system intelligence.
Current approaches fail due to the inability to secure or properly analyze the many real-time messaging application actuators that operate in our increasingly complex digital intelligent system processes. The current historical, passive security and analytical technologies only tell what might have happened after the causal action has occurred, not what did happen. Monitoring active causal actions in the process tells what is actually happening in real time during networked data in motion, which is the point where new security and process analytics need to occur.
As we increasingly connect and interconnect our digital intelligence in the forms of software, hardware, apps and now the Internet of Things (IoT), these causal actions multiply, making the process more complex and difficult to track. While these interconnected technologies continue to be leveraged in digital intelligence, we are losing control of the where and when of the causal actions that are actually occurring in the system processes. This is the point at which causal actions and processes need to be secured and analyzed. We are not doing this today.
Losing control of digital intelligence and cybersecurity
We have reached a point in intelligent operation complexity where even trained operators are not sure which actions the digital control system actuators are actually initiating in the process. We are losing control between human-to-machine and machine-to-machine system processes while we increasingly interconnect software, cloud and IoT application messages that in many cases are not secured, audited or even seen in the system process.
Causal messages are constantly being sent in real time during data in motion in these complex system processes and can be exploited to manipulate the process results. Hackers know this and are successfully targeting and exploiting these weaknesses, affecting every individual and every industry that uses digital intelligence in their information technology processes. Hackers have already attacked cars, homes, business process systems, factory control systems and critical infrastructure control systems by manipulating the causal messaging actions within these system processes.
The danger of algorithms and analytics in cybersecurity
For years we have had a false sense of security built around mathematical algorithms. This is what encryption and Intrusion Detection System (IDS) security have been based on for years. Recent disclosure of the NSA's involvement in the control and release of these encryption algorithms, and their direct relationship with RSA, has caused a considerable loss of trust in the cybersecurity industry. This, combined with weaknesses found that could not be disclosed, caused major encryption scientists to boycott the last RSA conference. The encryption games are over, and for many the use of encryption in security is no longer technically effective and certainly not trusted.
Intrusion Detection System (IDS) security technologies are no better off, now admitting they can't stop distributed denial of service (DDoS) attacks, while sophisticated and aggressive cyber weapons like Snake and Stuxnet are now part of the arsenal of cyber war weapons with critical infrastructure as their main target. Analytic approaches are also showing their weakness when used in process action discovery. They have difficulty even understanding what all the big data means and could fall victim to subjective analyst methodologies for explaining what the historical data means. Clearly, if we are to secure and understand all these new intelligent actions in our control processes, we need new methods and even a new place for confirming that these complex and layered control system actions are actually correct.
Adding security while adding intelligence
Intelligent control systems face a two-edged sword: needing digital intelligence and securing this intelligence. They need the digital intelligence to assist in physical security and in monitoring complex process systems, while also making sure this digital intelligence can't be accessed or exploited by hackers. In critical infrastructure applications, such as the process control of a power grid, there is no room for error or "good enough" security. When you have machine-to-machine (M2M) IoT or cloud services sending actuator messages without human intervention, these system processes must be digitally authenticated, viewed, audited and blocked in real time during data in motion in order to be effectively secured and analyzed.
Having focused on critical infrastructure cybersecurity for years, my many industry colleagues and I have come to a similar conclusion. The cybersecurity and analytical methodologies used today are flawed and cannot achieve the stringent security requirements, or handle the volume of analytical data, needed to protect and understand our increasingly complex and interconnected control system operations. In fact, both Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) security methodologies are increasingly showing prevention and detection failures.
Current analytical approaches cannot even scale to address the billions of applications and terabytes of big data that need to be evaluated in these increasingly complex processes. We must deploy security technologies that can secure and understand the millions of causal events and interconnected causal events that take place in the control system process on the network. This can be done with an active business process monitoring firewall placed on the network at the data input, data in motion point of digital intelligence transfer. This is where the beginning of a new paradigm shift is occurring and where real-time eForensics can be achieved.
The paradigm shift of Intelligent Cybersecurity
A recent MIT paper addressing both physical and digital security found that current cybersecurity solutions focusing on securing data and networks are 50-year-old technologies that were really made for electro-mechanical processes, not digital processes. Rather than focusing on securing networks and data, the study suggested that security must target the causal action, which is the true point of system security. The new approaches detect anomalies that are not intended in the causal action and system process. The difference between these approaches lies in determining at what point in the data in motion the causal action is identified and secured, and how it is analyzed.
A Layer 7 firewall is an active monitoring system on the network that secures the device against rogue applications (example: private information on a smartphone accessed by unauthorized apps). OSI layer numbers are commonly used to discuss networking topics; a troubleshooter may describe an issue caused by a user as a layer 8 issue. While the industry jokingly refers to this as layer 8, in reality this human-to-system causal action event is where true authenticated application security must be achieved.
The layer 7 OS firewall can secure the application, but there needs to be an additional message intelligence layer if we are to secure live message applications that are continually active in the transfer of system intelligence. There are data in motion message actuators that are constantly creating real-time causal actions in a typical control system process. This is where things really get switched on or off, and where desired or undesired actions need to be authenticated, viewed, audited, activated and blocked. This message application intelligence firewall needs to be placed in the data in motion flow of the desired process, not at the end-to-end points of data transfer on the network. Securing data end points has been a mainstay in cybersecurity for years but can no longer secure the billions of actuators predicted in cloud and IoT systems.
The intelligent causal action fix
Security companies are beginning to understand the importance of anomaly detection and its relationship to the system process. They all, though, have the same problem of using historical security and analysis methodologies to detect the anomaly at the data output level. They use algorithms to protect the input-to-output data and then use analytics to determine the anomaly. The end point of these methodologies is at the historical data output level, and they do not offer the security of digital intelligence or the analysis of the anomaly at the real-time, data in motion, data input level.
After many years of work and research, a patented anomaly detection approach from a company called Decision Zone has uniquely accomplished the ability to authenticate, view, audit, activate and block terabytes of real-time digital intelligence in milliseconds at the input, data in motion level. Today's security systems use passive monitoring, collection and aggregation data methodologies on the network and analyze this information at the historical data output level. Decision Zone offers active application message monitoring on the network using graphical process rules and its patented causal inference engine. This new intelligent process layer firewall can protect the application infrastructure against any unauthorized causal action or system process.
This significant achievement by Decision Zone offers a paradigm shift in cybersecurity methodologies by uniquely addressing security and system intelligence at the real-time, data in motion, data input level. It does not use historical data output or analytics to evaluate the anomaly, which currently allows hackers a window of system exploitation. It uses process logic mapping to validate the interactions of the multiple layers of causal action processes, which allows it to detect even human-to-machine and machine-to-machine causal action process errors.
If we are going to continue to remove human intervention from our control system processes while allowing layers of human-to-machine and machine-to-machine actions to occur in these systems, we must use a method to secure and analyze in real time the causal events and the intelligence processes in the system. Decision Zone offers a unique data in motion application message firewall that can authenticate, view, evaluate, audit, activate and block any causal actions across any software, hardware, cloud or IoT platform. For a more thorough explanation of this capability, see the presentation Layer 8 Process Firewall (L8PF) or go to decisionzone.com.
Conclusion
Having spent years in the networking world, I, like many of my colleagues, considered cybersecurity to be the protection of the end-to-end network and its data flow. This information transport has served us for many years but is now showing its weaknesses, as are the IPS and IDS security technologies currently protecting it. With everything today being about the cloud, the app and the IoT, we must apply new security methodologies to secure these growing and ever more interconnected intelligent system technologies.
Hackers are exploiting the causal actions of the process and manipulating message application system actions to their benefit. We must move the firewall from protecting the output data transport systems to the real-time, data in motion, data input level if we are to stop these cyber breach actions and achieve true cybersecurity and analytical system intelligence. The use of real-time eForensics in evaluating and securing causal events and system processes is critical to the understanding and security of digital intelligence today and in the future.
Is Cybersecurity Officially Broken?
April 2, 2014 By Larry Karisny
NSA disclosures, RSA conference scientist boycotts, University white papers and even cybersecurity supplier contest challenges are validating the weaknesses of our current cybersecurity methodologies.
The old model of "good enough security" is being replaced by a new model of "0 trust security" upon which cybersecurity must be built. Mysterious scientific encryption algorithms combined with subjective analyses of big data are no longer trusted or even effective in offering true security solutions. And yet we are connecting an explosion of software and devices that enhance or even take over human processes.
We need to deploy cybersecurity technologies that can effectively secure the billions of application process actions, or adversaries will continue to manipulate these application-based technologies that are now the focus of new cyber attacks. The question is how.
Hackers Get It
I have watched and privately disclosed successful attacks on wireless intelligent devices including smartphones, automobiles, homes and power-grid infrastructure. In doing so I was able to use what I discovered from hackers, then follow cybersecurity industry trends and methods of stopping these breaches.
Inside breaches are increasingly being used to penetrate authentication access to systems. Process application software was being exploited to achieve breaches. Why go through the trouble of breaking complex mathematical algorithms with a supercomputer when it is much simpler to manipulate the processes and process application software to achieve the same results?
While the cybersecurity mathematicians continue to pitch now 50-year-old technologies that even MIT considers outdated, hackers simply use the system process application actuators or action messages as points of exploit. There are three things we do not do very well when securing these action messages. We do not authenticate, view or audit these multiple message actions or the collaborative processes that occur in a typical information technology control or business process. Instead, the majority of cybersecurity technologies focus on the protection of the network and data. Thus, they are not even looking in the right place to view or audit these process actions. Hackers know this, and that is where they can most easily enter.
Securing the Process not the Algorithm
This new focus on cybersecurity at the level of the actions of a business or control-system process is becoming a welcome and understandable security methodology for CEOs and COOs around the world. CEOs understand their organizational processes and actions; they do not understand how today's cybersecurity products and services work.
While mathematicians were making algorithms to scramble and secure data streams, the actual security end point is the action and the collective process. True security is achieved by authenticating and securing the causal action of the business or system process in real time, not by securing data transport input and output while analyzing its causal actions and processes after the fact with data analytics.
Today we process multiple software message actions without authenticating or confirming the data-in-motion action. This is like turning the key in a car and just assuming the vehicle control system is doing what it is supposed to be doing. This same lack of causal confirmation is why researchers have been able to demonstrate how an automobile control system can be hacked. For zero trust security to actually be achieved, we need methods of monitoring these software process-application messages in real time with a data-in-motion firewall that can view and audit the causal messaging actions of any control system or process at the data-input level.
Real-time anomaly-detection messaging technologies are beginning to be recognized. The problem with the conventional approaches is their continued reliance on mathematical algorithms that are outdated, complicated and breachable; IoT devices often do not even have enough memory to store these complex algorithms. We are beginning to understand that causal actions are the real end points of cybersecurity. We now must find new ways of securing them.
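A concrete sketch of what such a data-in-motion process monitor does, as an added example rather than code from this article or from any product it mentions: every action message is authenticated with a per-actor key, checked against an explicit process model (which actor may request which action, and which state transitions are legal from the current state), and written to an audit trail with an allow or block decision before it is forwarded to the actuator. The actors, keys, the valve-and-pump process model and the message sequence are all constructed for illustration; HMAC-SHA256 is assumed for message authentication because it fits in memory on constrained devices.

```python
# Added example (not from the article): a minimal data-in-motion process
# monitor that authenticates, validates and audits each action message
# before it is forwarded. Actors, keys, process model and messages are
# constructed for illustration.
import hashlib
import hmac
import json
import time

# Per-actor keys (assumed provisioned out of band at enrolment).
ACTOR_KEYS = {
    "operator-hmi": b"constructed-key-operator",
    "scada-plc-7": b"constructed-key-plc",
}
# Process model: who may request what, and which transitions are legal.
# Anything not listed here is blocked.
ALLOWED_ACTIONS = {
    "operator-hmi": {"OPEN_VALVE", "CLOSE_VALVE", "START_PUMP", "STOP_PUMP"},
    "scada-plc-7": {"STOP_PUMP"},  # safety interlock may only stop the pump
}
TRANSITIONS = {  # (current_state, action) -> next_state
    ("VALVE_CLOSED", "OPEN_VALVE"): "VALVE_OPEN",
    ("VALVE_OPEN", "START_PUMP"): "PUMPING",
    ("PUMPING", "STOP_PUMP"): "VALVE_OPEN",
    ("VALVE_OPEN", "CLOSE_VALVE"): "VALVE_CLOSED",
}
MAX_CLOCK_SKEW = 30  # seconds; older messages are treated as stale


def sign_message(actor, action, ts, key):
    """HMAC-SHA256 tag over the canonical fields of one action message."""
    return hmac.new(key, f"{actor}|{action}|{ts}".encode(), hashlib.sha256).hexdigest()


def make_message(actor, action, ts, key=None):
    """Build a signed message; pass a wrong key to simulate a forgery."""
    key = ACTOR_KEYS[actor] if key is None else key
    return {"actor": actor, "action": action, "ts": ts,
            "tag": sign_message(actor, action, ts, key)}


class ProcessMonitor:
    def __init__(self, initial_state, now=time.time):
        self.state = initial_state
        self.audit = []    # every decision, allowed or blocked
        self.seen = set()  # (actor, ts) already accepted, for replay detection
        self.now = now

    def handle(self, msg):
        """Authenticate, validate and audit one message.
        Returns "ALLOW" or "BLOCK:<reason>"; only ALLOW advances the state."""
        actor, action, ts, tag = msg["actor"], msg["action"], msg["ts"], msg["tag"]
        key = ACTOR_KEYS.get(actor)
        if key is None:
            reason = "unknown actor"
        elif not hmac.compare_digest(sign_message(actor, action, ts, key), tag):
            reason = "bad signature"
        elif abs(self.now() - ts) > MAX_CLOCK_SKEW:
            reason = "stale timestamp"
        elif (actor, ts) in self.seen:
            reason = "replay"
        elif action not in ALLOWED_ACTIONS[actor]:
            reason = f"{actor} not permitted to {action}"
        elif (self.state, action) not in TRANSITIONS:
            reason = f"{action} invalid in state {self.state}"
        else:
            reason = None
        decision = "ALLOW" if reason is None else f"BLOCK:{reason}"
        self.audit.append({"actor": actor, "action": action, "ts": ts,
                           "state_before": self.state, "decision": decision})
        if reason is None:
            self.seen.add((actor, ts))
            self.state = TRANSITIONS[(self.state, action)]
        return decision


def run_demo(t0=1_700_000_000):
    """Feed a constructed message sequence through the monitor."""
    mon = ProcessMonitor("VALVE_CLOSED", now=lambda: t0)
    results = [
        mon.handle(make_message("operator-hmi", "OPEN_VALVE", t0)),
        mon.handle(make_message("operator-hmi", "START_PUMP", t0 + 1)),
        # the PLC is over-privileged here: it may only STOP_PUMP
        mon.handle(make_message("scada-plc-7", "OPEN_VALVE", t0 + 2)),
        # correctly signed, but the pump is already running
        mon.handle(make_message("operator-hmi", "START_PUMP", t0 + 3)),
        # forged tag from someone without the operator key
        mon.handle(make_message("operator-hmi", "STOP_PUMP", t0 + 4, key=b"guess")),
        # replay of the first, previously accepted message
        mon.handle(make_message("operator-hmi", "OPEN_VALVE", t0)),
        mon.handle(make_message("scada-plc-7", "STOP_PUMP", t0 + 5)),
    ]
    return mon, results


if __name__ == "__main__":
    mon, results = run_demo()
    for record in mon.audit:
        print(json.dumps(record))
```

The point of the ordering in `handle` is that an authenticated, authorised actor can still be blocked: the fourth message carries a valid signature from the operator, yet it is refused because starting a pump that is already running is not a legal step in the process model. That is the check a transport-level control never sees.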
Control or Lose Control of Digital Intelligence
I recognize the benefits of digital intelligence and the many forms it takes in hardware, software, apps and the Internet of Things (IoT). I like my smartphone and the software apps it runs. The problem is that all of these things can be hacked, and we are irresponsibly connecting and interconnecting them without concern for security, at a pace so fast that we are losing control of what these digital devices are actually doing. We are automating without authenticating and actuating without auditing. We just touch an icon and assume the interconnected layers of network, hardware, software, apps and IoT are going to do what we want them to do. Hackers know this and just find the weakest link.
Control systems and processes must have the capability to view real-time causal actions at the data-in-motion input level. Whether the breach is of authentication, the network, data or a software application, the same methodology must be able to quickly and accurately secure billions of application messaging actions and the interconnected processes they activate. I discussed these methodologies in detail in my last article, "Time for a Cybersecurity Overhaul."
Cloud applications and IoT devices already have a bad security track record, one that will only get worse if we do not change the way we secure these new technologies that are now at the doorstep of our digital communities.
Conclusion
Our digital age has brought us many wonderful technologies and I am not underestimating their importance. But like others in this industry, I am screaming "proceed with caution and find a way to secure this stuff before deploying it." We have interconnected so many of these digital technologies that we have lost control of what the actual business and system processes are doing. We are increasing the use of these technologies exponentially without proper security procedures in place -- like a manager hiring 10,000 employees and saying "don't worry, I will never check or even have the ability to know what you are doing."
We do not understand the power of the technologies we use every day. Hackers do, and they exploit these security technology weaknesses while current cybersecurity suppliers try to improve older technologies that are proving to have outlived their effectiveness. We can't move forward by just putting security patches on what we have, and the industry is at last coming to that conclusion.
I would like to offer my own cybersecurity challenge. If you have a better methodology for securing the projected billions of apps and IoT devices than those my not-for-profit has already researched, I will promote your security technology to thousands of my cybersecurity contacts and submit an article disclosing your capabilities. This much I know: we need to fix cybersecurity now or our digital age could come to a screeching halt.
Saturday
Time for a Cybersecurity Overhaul
January 23, 2014 By Larry Karisny
Most of the recent attention on cybersecurity has been directed toward the disclosure of NSA activities and corporate breaches that are now reaching record-breaking levels. Both the public and private sectors are beginning to witness how devastating cyber breaches can be to critical infrastructure, intellectual property, wealth and even state secrets. These attacks are so big that monetary estimates range from $100 billion to $3 trillion, and the extent of some attacks is still unknown. What is known is that the whole world has had enough, and cybersecurity needs to start living up to its name: security.
How Bad is It?
The infographic World's Biggest Data Breaches gives a sense of the extent of these breaches using information from DataBreaches.net and IdTheftCentre. It summarizes breaches exceeding 50,000 records by year, number and type. In a recent interview on the CBS program 60 Minutes, National Security Agency (NSA) director Gen. Keith Alexander acknowledged that "a foreign national could impact and destroy a major portion of our financial system" by placing a virus in our computer systems "and literally take down the U.S. economy." The message is clear: things aren't working properly, and those of us in the industry knew they weren't working. With a new focus, it might be time to pursue solid security solutions.
While the press has been focused on the NSA's collection of cell phone metadata from private U.S. citizens, the real problem is its collaboration with some of the largest cloud technology companies in the world. Forrester Research reported that cloud businesses led by HP, Cisco Systems and Microsoft and managed service providers (MSPs) could lose an estimated $180 billion through 2016 in cloud products and services, losses attributed directly to disclosures of the NSA spying programs. The concerns were so great that top tech executives met with President Barack Obama to discuss them. Snooping agencies are only part of the problem, though, with reports of millions of records hacked from both the public and private sectors annually. Mistakes made by people and systems are the main causes of data breaches. Whether intentional or not, the results are the same, and the cybersecurity industry and the companies it affects seem to need a fresh look -- or maybe even a cybersecurity overhaul.
One of the greatest concerns is that the very industries that are already witnessing security issues are producing and releasing products and services without considering security solutions. The cloud-computing industry is vulnerable to cyber attacks, and worldwide is expected to see double-digit growth rates during the next three years, with revenues reaching $148 billion in 2014 and $207 billion by 2016, according to the Information Technology and Innovation Foundation.
The Internet of Things (IoT) industry has forecast revenues of $8.9 trillion for 2020, and to date has no cybersecurity plan for the trillions of devices it plans to connect to the Internet. Clearly the cybersecurity and related organizations and industries needed a wake-up call, and maybe the recent NSA disclosures will actually help by pushing responsible cyber solutions into place.
What is Cybersecurity and is it Secure?
The definition of cybersecurity differs depending on who in the industry you speak with. In general, some people think it is protecting networks and data, and others think it is having the ability to detect breaches. There are basically two ways cybersecurity is practiced today: you authenticate and encrypt end-to-end network transport between users and information systems and block known-bad traffic inline (prevention, the Intrusion Prevention System or IPS model), or you inspect what has come through the data stream and try to detect and then block or discard suspicious data (the Intrusion Detection System or IDS model).
Both of these methodologies have faults. Take prevention, for instance. Edward Snowden had top secret clearance and authenticated, encrypted access, but left with thousands of files. Typical IPS security alone can't stop authenticated insider breaches. IDS technologies that find things like malware, viruses and trojans at the stored-data output level, after the fact, are often too late to stop a malicious attack.
Even combined, these technologies leave intentional and unintentional exploit capabilities, which hackers have demonstrated. All of these technologies lack the ability to authenticate, view and audit multiple process actions during real-time data in motion across human and machine action applications. These vulnerabilities leave gaping holes in current cybersecurity solutions and must be addressed quickly as we continue to connect more and more applications to an already insecure Internet cloud. Customers don't want to spend billions of dollars for "almost security." Tricky back doors and "almost security" are out; real, proven solutions are in.
So Who do You Trust?
These NSA revelations were really not surprising to cybersecurity professionals. The NSA purchases many of these capabilities from the private sector. But today, exploit capabilities that were normally disclosed in confidence between computer scientists and vendors are now being marketed in the open by global brokers with little concern about state sovereignty or corporate entity. While people express concerns about NSA activities, at least these activities have some form of centralization and responsibility. Now we are faced with a form of global cyber ransom in an open market that is decentralized with varying amounts of responsibility.
This new global exploit threat means that security vendors will need to take security more seriously. In the past, the greatest threats to hardware and software vendors were hackers and security researchers who sought the positive exposure of being the ones to discover a new vulnerability. The actual exploit of published vulnerabilities was rare, and in most cases of responsible disclosure, the vendor was given time to release a patch before the vulnerability was published. Now the game has changed. The penetrate-and-patch cybersecurity market is a short-term solution and actually demonstrates how weak current security methodologies are. Security patching will not be sustainable or trusted by customers in this now open-market free-for-all. Cybersecurity users are now demanding a new methodology. Trust needs to be built, and the only way to validate these solutions whether offered by government or corporate entity is “show me.”
Moving Forward with Solutions
Old ways of cybersecurity are slowly eroding, and customers will no longer accept the "appearance" of security. Even standards groups such as NIST were not left unscathed by the NSA involvement, even as they work with industry on new approaches through the National Cybersecurity Center of Excellence. Even U.S. government contractors with top secret clearance who were poised to have a big part in offering cybersecurity services in areas such as critical infrastructure are now coming under scrutiny, as are big-name companies like Apple, Facebook, Google, Yahoo, Cisco, IBM and Oracle.
FireEye's recent acquisition of Mandiant is an example of what customers want in cybersecurity. Security experts expect strong growth in both FireEye's cloud-based systems for detecting malicious software and Mandiant's software for analyzing cyber attacks. The deal reflects customers now demanding higher levels of cybersecurity services and new technologies for stopping cyber attacks.
A white paper released by Decision Zone discusses one of these new security technologies and clearly demonstrates the need for a paradigm shift to truly prove to customers that cybersecurity can be achieved. Decision Zone’s anomaly detection technology was actually built on the premise of an easy and inexpensive way to view, authenticate, audit and block process action in real-time at the application level. There is also an added nuance of now assuring the hardware and software they are using is doing what it is supposed to do. Hardware and software cloud companies and service providers will need to embrace technologies such as this if they are to regain trust in the marketplace.
Conclusion
With revenue losses already being seen by major cloud hardware providers, the global message in cybersecurity is clear: the customer still rules. "Good enough" cybersecurity technologies will not be sufficient; only "show me" will suffice. As our world becomes ever more connected, with smart technologies offering cloud-connected apps and devices in the trillions, there has never been a better time to expose the weaknesses of cybersecurity and offer solutions to these vulnerabilities. The digital future of every town, city and country depends on it.
Larry Karisny is the director of ProjectSafety.org, a cybersecurity expert, advisor, consultant, writer and industry speaker focusing on security solutions for mobility, the smart grid and critical infrastructure. He will speak at the Smart Grid Cyber Security Virtual Summit, on February 20, 2014.
Wednesday
Is Cybersecurity an Inside Job?
While security clearance and authentication processes are essential to physical and other security, the physical DC Navy Yard breach by Aaron Alexis and the state secret breaches by Edward Snowden illustrate some disturbing weaknesses in personal validation and authentication. These clearance breaches were very different in nature but show a range of how a person’s calculated action can subvert basic security measures.
Neither top secret clearance, sophisticated authentication nor the most advanced encrypted information systems can necessarily stop an intended breach action. These security procedures are not designed to detect real-time actions and anomalous business processes from authorized personnel. These practices are just the "moat around the castle" approach upon which most current cybersecurity technologies are based. Current national security breaches clearly show we need to do more.
The Enemy Within
The highest percentage of breaches occur inside an organization. When criminals want something specific they will choose the path of least resistance to obtain it. Cybercriminals don't do this by breaking complex security algorithms. They normally do it by gaining access as a trusted insider, using and manipulating secured and authorized software and hardware to which they have access. Corporate espionage has used this methodology for years, and now entire countries are using software exploits to gain access to state secrets in this new cyberwar. Authenticated access is not the issue. The unknown enemy already has access. We need to quit focusing so much on allowing and disallowing access and instead watch the business system process tools and how people are using them.
As our organizational systems grow larger and our business process and control systems become more complex and connected, we begin to lose track of what we are doing, let alone securing what we are doing. We currently run business processes using layers of software, hardware and people all trying to achieve a certain departmental or subsystem task. Whether software, machine or human -- the actions of these process components are seldom if ever combined in a single understandable view of the entire process. By not allowing a total system action view, the breach of a single process action could greatly affect other connected process actions and potentially take down the whole system.
These process actions are the Achilles heel of cybersecurity and they cannot be defended by hardening physical, network or system information process security. We need to direct our attention more toward action viewing technologies vs. encrypted authorized actions. We need to assume the enemy is already in and needs to be watched.
What We Don’t See Can Hurt Us
While many people are very concerned about technical snooping capabilities, the fact is that we need better snooping capabilities in areas such as critical infrastructure, industrial control systems, intellectual property and national defense. We have created massive intelligence process capabilities through computer software, hardware and networks, and have done a pretty good job of securing the transport and storage of information but little in securing system processes. When we interconnect multiple actions to multiple processes without detection capabilities, we leave a wide-open opportunity for breaches. Physical security in background checks, biometric authentication, RFID location-based services and network encryption all have value, but alone they will not stop an authenticated breach. We are not even looking in the right place.
The recent national security breaches were recognized at the action output level, after the breach action had already occurred. These breaches demonstrate two very important requirements in security. The first is that we need to add intelligence to physical, human and machine actions that can view and even predict a physical breach, like a person breaking barricades. We can't just go back to the old days and think that getting rid of all this digital smart stuff will improve security. It won't. These intelligent and connected technologies can greatly help both physical and digital security if properly implemented. There are a multitude of technologies that can give intelligence to our physical world.
The second important requirement is the timing of when a process action breach occurs versus when it can be observed and blocked. This is where anomaly-detection technologies can be used to recognize, audit and block process actions at the real-time data input level, when seconds matter. Companies such as IBM and Decision Zone have so much belief in these technologies that both have patented their solutions. When things aren't working properly, as demonstrated by the scale and magnitude of the cyber breaches we see today, we need to do something different, and some security companies are realizing this. So the big question is: how much does it cost? The answer may surprise you.
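The kind of check that would have flagged an authenticated insider, as an added example that is not part of this column, of the Snowden discussion in "Time for a Cybersecurity Overhaul" above, or of the IBM or Decision Zone products named here: every access in the log is authenticated and authorised, so credential checks see nothing wrong. The detector instead learns, per user, how many distinct documents that user normally touches per hour and raises an alert the moment the current hour exceeds that baseline by a wide margin, without waiting for the hour to close. The log format, user names, document names and thresholds are constructed for illustration.

```python
# Added example (not from the column or any product it names): a streaming
# detector that watches what an authenticated user does rather than who
# they are. Log format, users, document names and thresholds are constructed.
import statistics
from collections import defaultdict

WINDOW = 3600     # one-hour buckets
MIN_HISTORY = 3   # closed windows needed before a baseline is trusted
RATIO = 5.0       # alert when distinct docs exceed RATIO x the median baseline
FLOOR = 20        # and also exceed this absolute floor, so tiny baselines stay quiet


def build_sample_log(t0=1_700_000_000):
    """Constructed access log, one line per authenticated read:
    "<epoch> <user> READ <document>". alice and bob are steady; mallory,
    an authorised user, bulk-reads the engineering store in the 8th hour."""
    lines = []
    for hour in range(8):
        base = t0 + hour * WINDOW
        for i in range(4):
            lines.append(f"{base + i * 600} alice READ finance/report-{hour}-{i}.pdf")
        for i in range(3):
            lines.append(f"{base + i * 700} bob READ hr/policy-{hour}-{i}.docx")
        for i in range(120 if hour == 7 else 4):
            lines.append(f"{base + i * 20} mallory READ eng/spec-{hour}-{i}.pdf")
    lines.sort(key=lambda line: int(line.split()[0]))
    return lines


def parse(line):
    ts, user, action, doc = line.split(maxsplit=3)
    return int(ts), user, action, doc


class InsiderActivityDetector:
    def __init__(self):
        self.history = defaultdict(list)  # user -> distinct-doc counts of closed windows
        self.current = {}                 # user -> (window_id, docs seen this window)
        self.alerted = set()              # (user, window_id) already reported
        self.alerts = []

    def observe(self, ts, user, doc):
        """Feed one authenticated access in time order.
        Returns an alert string the moment the baseline is exceeded, else None."""
        wid = ts // WINDOW
        prev_wid, docs = self.current.get(user, (None, set()))
        if prev_wid is not None and wid != prev_wid:
            self.history[user].append(len(docs))  # close the previous window
            docs = set()
        docs.add(doc)
        self.current[user] = (wid, docs)
        hist = self.history[user]
        if len(hist) < MIN_HISTORY or (user, wid) in self.alerted:
            return None
        baseline = statistics.median(hist)
        if len(docs) > max(FLOOR, RATIO * baseline):
            self.alerted.add((user, wid))
            alert = (f"ALERT t={ts} user={user} distinct_docs={len(docs)} "
                     f"baseline={baseline:.0f} window={wid}")
            self.alerts.append(alert)
            return alert
        return None


def run_detector(lines):
    """Replay a log through the detector; returns it with alerts populated."""
    det = InsiderActivityDetector()
    for line in lines:
        ts, user, action, doc = parse(line)
        if action == "READ":
            det.observe(ts, user, doc)
    return det


if __name__ == "__main__":
    for alert in run_detector(build_sample_log()).alerts:
        print(alert)
```

The alert fires on mallory's 21st distinct document of the hour, roughly seven minutes into the bulk read, while the other 99 reads are still to come; a detector that only summarises closed windows would report the same event an hour later. The median baseline and the absolute floor are deliberately simple; in production the per-user profile would also carry time-of-day and document-class dimensions.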
Cost Justifying Security Through Anomaly Detection Process Efficiencies
One of the biggest concerns in security services is the initial cost of deploying these technologies, the continued cost of using them, and how these costs can be justified. Even improvements in first-level authentication and IT security are not yet considered a cost of doing business, although these opinions are changing. There are ROI calculators that are now at least trying to put a number on the cost of potential security breaches, and attempts to reduce insurance premiums when cybersecurity defensive plans can be demonstrated. Security, in this view, is only the detection of an incorrect process action, a byproduct of detecting actions that are not part of the process. Viewing process actions more accurately through anomaly detection can therefore also improve the total process. People are not buying security because they can't justify the cost, but both the public and private sectors can gain efficiencies through anomaly detection, resulting in service savings or profit that would justify the cost of security. The process efficiencies gained through anomaly detection can absorb the cost of security while improving process actions.
Conclusion
Problems occur in business processes when someone or some technology does something wrong, whether intentionally, by mistake or as part of a targeted attack. We can only achieve true security when multiple actions and processes can be detected simultaneously and in real time. New technologies are offering these capabilities at a time when we are rapidly connecting humans to intelligent machines whose capabilities are so large that we have trouble even viewing these processes. We need to start recognizing that authentication of a person, no matter how accurate the techniques used, is only the first level of cybersecurity. True security can only be achieved by combining prevention and detection technologies at the real-time business or process input action level. Most security breaches occur quickly and are themselves an input process action. Technology that can focus on these input actions is where we need to focus our efforts.
True cybersecurity will be obtained when we can effectively view, audit, correct and block organizational process actions. If you could have a technology that does this, then why not?
Friday
Are Black Hats and White Hats Really Grey Hats?
Image by Pedro Nunes
I advise security companies that have demonstrated cybersecurity technologies far superior to those generally offered today. So why aren't we using them? The reasons have little to do with technology and a lot to do with people. Hackers sell security exploits daily on the open market while regulatory organizations take two years or more to write security regulations. The recent DEF CON and Black Hat conventions in Las Vegas clearly demonstrated that offense is far out in front of defense. So are we really trying to secure cyber? The answer is "yes and no," and there are good reasons for both. Let's take a look at the two hats we wear while trying to find the balance.
Those Pesky Humans
There are a lot of serious mathematicians and scientists in cybersecurity. They develop rather complex systematic approaches to security solutions that do not like intermittent variables. You know -- people. Everything looks great until people enter into the digital process logic, then it all changes.
Securing machine-to-machine actions is relatively simple. You have a software logic map that does what it is supposed to do (although we do not often audit it in security) and the machine action responds to the given audited logic commands. These process actions are often relatively simple and repetitive, so they can be secured to assure that no changes have been made to the information system process.
The problem occurs when we start adding layers of software logic with access to hundreds of machines, thousands of devices and then add the human variable into the mix. Now it gets messy and the best mathematical algorithm in the world won’t fix this one. This is when you need a good process detection technology that can watch and audit both human and machine actions. These technologies exist and are what people are getting a little sensitive about lately in personal privacy.
Personal privacy aside, we must understand in critical process applications these same technologies actually need improvement if we are to obtain superior defensive cybersecurity. There is a big difference between personal privacy and information privacy in the workplace, and also which technologies should be used for those purposes.
Old Security Standards Methods Won’t Work
Remember when things were easier? A standards group put a thousand eyes on a problem, leveraged corporate and government money and made things the way everyone agreed they should be. Everyone got something and everyone was happy. But then the hackers showed up and made a mess of things by finding vulnerabilities only days after the security standards were released.
For the first time since 2005, the U.S. National Institute of Standards and Technology (NIST) has revised federal cybersecurity standards. What took so long? Because writing regulations takes 24–36 months. Meanwhile new technologies hit the marketplace, including a supercomputer that can be purchased for $100. This means that new security regulations are already outdated by the time they are implemented. When you have massive standards and compliance bureaucracies on one side and an independent hacker with no rules or regulations on the other, guess who is going to be able to respond more quickly? The game has changed and so must the methods of approving and deploying cybersecurity technologies.
Cybersecurity is different from most other technologies: the more people who know about the technology, the more vulnerable you become. Creating a bunch of college courses in cybersecurity offers the potential for lots more hackers. If it comes down to the ethics of being a white hat or a black hat, the first priority today is "where can I get a job and how much are you paying?" Government officials have learned this and are today playing catch-up, even hiring the black hats when needed.
There is no easy answer to these cybersecurity problems, but there is a clear understanding that fixing them won't be accomplished with standards, compliance and mandates. This process has proven very expensive and has offered little in the way of strong, defensive cybersecurity measures. Just trying to keep up with vulnerabilities has been hard enough and, frankly, the exploit offense technologies are currently beating the security prevention and detection defense technologies every which way. The game has changed and we need a way to get game-changing technologies to the forefront of cybersecurity quickly. That won't happen by belaboring bureaucracies that are just not fast enough or smart enough to react to the rapidly changing world of cybersecurity.
Expensive Band-Aid Security
We will continue to have cyberbreaches by continuing to rely on Band-Aids to "fix" vulnerabilities we find in our software. These intentional and unintentional back doors are problematic in both old and new software. Intentional back doors are often put in software for simple maintenance and upgrades. These known vulnerabilities need to be continually monitored if we are to ever achieve any acceptable level of cybersecurity. We also have the secret back doors put there through collaboration by government agencies and the private-sector that have recently received some attention.
The biggest problem is the unintentional backdoors installed by getting product out rapidly without proper security audits or writing bad code. Whether it's intentional or unintentional, it’s all the same to a hacker. It’s a way in and today’s hackers can find these vulnerabilities so quickly with exploit software that security patches are at best just playing catch-up.
To make matters worse, there is an increasing and disturbing trend in finding and correcting security vulnerabilities. A recent article in the New York Times, “Nations Buying as Hackers Sell Flaws in Computer Code”, disclosed an open market on zero-day security flaws offering hundreds of thousands of dollars to hackers. Once discovered, these flaws can be immediately leveraged by hackers and taken advantage of through the sale of the information or threatened use in a cyberattack. The use of the information in zero-day exploits can be leveraged by both hackers and governments at will before anyone else knows the vulnerability exists. This is today's dangerous back-and-forth exploit game.
Whether intentional or not, these security flaws have added up over the years and are continually being discovered. As the saying goes, "pay me now or pay me later." We are now paying for years of software vulnerabilities and need to use defensive technologies to counter-attack these exploits as discussed in an earlier article, rather than just continue paying ransom for potential offensive hits.
Privileged Information and Trust
We seem to be having a little problem understanding what privileged information is and what it is not. Privileged information is that which should be protected from disclosure by single individuals, or from sharing metadata between government agencies and thousands of companies. Abuse of this kind can deprive the originator(s) from their rightful compensation of years of work, intellectual property or nation-state security. We do not properly protect privileged information and its rightful ownership. Cybertheft of intellectual property is reaching a trillion dollars in just the U.S., so there must be a change in the way information is stored and secured by both the public and private sectors. These changes may even be seen in a loss of trust and business by some of the largest data center providers in the world.
Still to be seen -- with the recent disclosure of government surveillance programs such as PRISM -- is how U.S. cloud hosting centers and the technology companies that support them will be affected. The Cloud Security Alliance revealed some disturbing results in its July 2013 survey. The survey asked how the recent disclosure of programs such as PRISM affects attitudes about using public cloud providers as well as any other broadly available Internet services. The results clearly demonstrated a decline in trust of U.S. cloud hosting services among foreign respondents. For example, 56 percent were less likely to use U.S. cloud service providers. This concern goes much deeper, with major software and hardware suppliers also being questioned and potentially taking a hit.
One thing is certain: U.S. data centers and the technologies they provide will be under a lot of scrutiny in the future and have a lot of trust to regain and validate. A happy medium may be found in new private cloud services or even a return to private enterprise networks. The status quo is no longer acceptable, and trust must be regained.
Conclusion
We live in an age where the technology marketplace has trumped security needs for decades and we are now paying the price. We are currently releasing millions of connected products and services with little concern for security while hackers easily find vulnerabilities and readily sell exploit capabilities. Our security approval processes have become a hindrance in releasing timely defensive cybersecurity capabilities that are hacked by the time the standards are released. Those responsible for the use of security technologies and the information these technologies provide require a high level of ethical responsibility and in turn require checks and balances of personal oversight.
Security only works when you are all in and all on the same page. The other choice is all-out cyberwar, which is a lot more devastating than most people realize. From secret state espionage to abuses of political power, cyberwar could devastate any country. It would be to everyone's advantage to find a middle ground and quit pretending we are all perfect. We are not. If you have been in the security business long enough, you probably have to admit your hat isn't white or black. It's really kind of grey.
Wednesday
Column: Cyber Attacks the Reality, the Reason and the Resolution Part 3
The smart phone may be the go-to personal control device that will multiply security access privileges under a single authentication. Photo from Shutterstock
June 19, 2013 By Larry Karisny
We are connecting digital intelligence to our homes, businesses, critical infrastructure and national defense at such staggering rates that we had to come up with methods of collecting "big data." Individuals now have the ability to access terabytes of information, millions of apps and thousands of devices that have the potential of activating critical processes at the touch of a screen. Security has been a continual afterthought even in areas as sensitive as our power grid. Even when security is responsibly deployed, breaches still happen, disclosing the weaknesses of current security solutions. There is no one-size-fits-all in cyber solutions. Instead, the best of the pieces are assembled to achieve the best possible security. Here are some good pieces of the security puzzle that when put together, offer resolution to the big problems faced today in cyberattacks.
Securing the End Points
Whether you want to secure your private conversations or a corporate database, you must first have a way to authenticate the human or machine initiating action. Sadly, this needs a lot of work. Fortunately, there is a lot of available technology to choose from.
With the password being just about dead, companies are reaching for other ways to effectively authenticate and validate this all-important initial process: access. From biometric human authentication to encrypted nano-sensors offering machine location-based identifiers, we have the technologies to securely authenticate the start of just about anything. With the computing power and popularity of BYOD, the smart phone may be the go-to personal control device that will multiply security access privileges under a single authentication. We are now just beginning to deploy apps and chip sets supporting these authentication capabilities.
When we communicate with a machine, the security beginning and end point is not a port or cable connected to some device. The points are often very complex microchips with coded processes within themselves. These trusted computer chips, like BYOD devices, can become part of the solution in cybersecurity -- and part of the problem.
Don Thompson, CEO of MerlinCryption, explains the potential threat of microchip foul play in cybersecurity. "Embedding malicious code or 'back doors' into microchips is a growing trend in espionage," says Thompson. "The rogue chip conspiratorially communicates critical intelligence back to its criminal host. It is paramount to procure only tamper-proof USA-made chips to be used in developing the circuit board, then reinforce the device with robust encryption. End-point encryption, coupled with multi-factor authentication, thwarts attacks against data."
Securing Data in Motion
The most common way of moving secured information over the Internet is a Virtual Private Network (VPN). A VPN extends a private network across public networks like the Internet by establishing a virtual point-to-point connection through dedicated connections or encryption. These techniques add security to the information flow, but they are expensive and still have security vulnerabilities. Recognizing these costs and the security concerns with VPNs, a team at STTarx developed a method of protecting data-at-rest and data-in-motion while also masking transmissions. Their networks are stealthy and impenetrable, and messaging is immune to illicit decryption. This technique offers an economical and secure method of passing data through the Internet.
Curt Massey, the CEO of STTarx Shield, explains this unique process. "We never accepted the common wisdom that networks must always be vulnerable or that messaging must rely on increasingly complex and cumbersome encryption algorithms that would eventually be broken. We used a fundamentally different approach to solving both issues. Every pen tester for a period of years has walked away scratching their heads due to complete failure to either penetrate our networks or even capture our traffic. Those to whom we have given sample STTarx traffic have been completely unsuccessful in decrypting it. We enable other solutions to focus on protecting the internal network."
Securing the Process
Today we connect multiple levels of people, applications, software, hardware and networks to our enterprise, control systems and cloud computing. There are so many layers that we are beginning to lose control of what the business process and software logic is supposed to be doing, even though it is secured and authenticated. This is why recent exploit attacks have been directed, without detection, toward system process software, not just networks and databases. We need a method of viewing, auditing and even blocking multiple simultaneous process actions in real time. Rajeev Bhargava, CEO of Decision-Zone, found this same problem when trying to debug software programs, which led him to the unique use of graphical anomaly detection as a new method of intrusion detection. This is how he explains it.
"The conventional view of security is primarily aimed at securing an organization’s assets, including facilities, goods, IT infrastructure and information silos. However, the characteristics of the threat environment organizations are exposed to are changing. Whereas in the past solitary intruders sought entry into an organization's network and facilities and created minor damage; nowadays these attacks originate from highly organized groups and are aimed at obtaining services or money by disrupting or diverting the victim’s normal business operations. Sometimes this is an authorized and authenticated insider.
"Processes, by nature, consist of a number of tasks performed by different individuals, usually within different departments," said Bhargava, "making them vulnerable to mistakes, misunderstandings, miscommunications and abuse. A business process consists of a set of logically interrelated tasks, intended to generate an output beneficial to the organization. A process aims to create higher-value output from lower-value input, at a cost that is lower than the increase in value of the generated product. These processes have extreme value to a company and often are the reason they have a competitive edge. These process inputs are the same place where security breaches can be identified, audited and potentially blocked. Decision-Zone has built the ultimate process security application for validating/tracking these input actions against the business process logic assuring both process productivity and process security."
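The idea in the two passages above, that process inputs are where breaches can be identified, audited and blocked, can be shown with a small process auditor. The following is an added example written for this page; it is not Decision-Zone's product or code, and the purchase-order process, roles, user names and events are constructed for illustration. It models the business process as a directed graph of allowed task transitions, adds a per-task role check and a separation-of-duties rule, and audits each incoming action against that model in real time, either flagging it (audit mode) or refusing to record it (block mode).

```python
"""Process-logic anomaly detection over an action stream.

Added example, not Decision-Zone's code. A business process is modelled as
a graph of allowed task transitions; each incoming action is checked against
the graph, the role allowed to perform the task, and a separation-of-duties
rule, then flagged or blocked. All names and events below are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Allowed transitions of a hypothetical purchase-order process:
# each task may only follow one of the tasks listed for it.
PROCESS_GRAPH: Dict[str, Set[str]] = {
    "create":  set(),          # entry task, no predecessor
    "approve": {"create"},
    "pay":     {"approve"},
    "ship":    {"pay"},
    "close":   {"ship"},
}

# Least privilege per task: which roles may perform it.
TASK_ROLES: Dict[str, Set[str]] = {
    "create":  {"clerk"},
    "approve": {"manager"},
    "pay":     {"finance"},
    "ship":    {"warehouse"},
    "close":   {"clerk", "manager"},
}

# Separation of duties: one user may not perform both tasks of a pair
# on the same process instance (catches the authenticated insider).
SOD_PAIRS: Set[Tuple[str, str]] = {("create", "approve"), ("approve", "pay")}


@dataclass
class Event:
    seq: int        # arrival order in the stream
    instance: str   # process instance, e.g. a purchase-order id
    task: str
    user: str
    role: str


@dataclass
class Alert:
    seq: int
    instance: str
    reason: str
    blocked: bool


@dataclass
class ProcessAuditor:
    block: bool = True  # True: reject the violating action; False: audit only
    _last: Dict[str, str] = field(default_factory=dict)             # instance -> last accepted task
    _actors: Dict[str, Dict[str, str]] = field(default_factory=dict)  # instance -> task -> user

    def check(self, ev: Event) -> Optional[str]:
        """Return a violation reason, or None if the action fits the process."""
        if ev.task not in PROCESS_GRAPH:
            return f"unknown task '{ev.task}'"
        if ev.role not in TASK_ROLES[ev.task]:
            return f"role '{ev.role}' not permitted to '{ev.task}'"
        last = self._last.get(ev.instance)
        allowed = PROCESS_GRAPH[ev.task]
        if last is None and allowed:
            return f"'{ev.task}' before process entry"
        if last is not None and last not in allowed:
            return f"'{ev.task}' cannot follow '{last}'"
        actors = self._actors.get(ev.instance, {})
        for a, b in SOD_PAIRS:
            other = b if ev.task == a else a if ev.task == b else None
            if other and actors.get(other) == ev.user:
                return f"separation of duties: {ev.user} did both '{other}' and '{ev.task}'"
        return None

    def process(self, ev: Event) -> Optional[Alert]:
        """Audit one action; record it unless it is blocked."""
        reason = self.check(ev)
        if reason is None or not self.block:
            self._last[ev.instance] = ev.task
            self._actors.setdefault(ev.instance, {})[ev.task] = ev.user
        return None if reason is None else Alert(ev.seq, ev.instance, reason, self.block)


def audit_stream(events: List[Event], block: bool = True) -> List[Alert]:
    """Run a whole (constructed) action stream through one auditor."""
    auditor = ProcessAuditor(block=block)
    return [a for a in (auditor.process(e) for e in events) if a]


# Constructed sample stream: PO-1 is a clean run; in PO-2 an authenticated
# insider creates and approves their own order; PO-3 skips approval and payment.
SAMPLE_EVENTS = [
    Event(1, "PO-1", "create",  "alice", "clerk"),
    Event(2, "PO-1", "approve", "bob",   "manager"),
    Event(3, "PO-2", "create",  "carol", "clerk"),
    Event(4, "PO-2", "approve", "carol", "manager"),    # separation-of-duties violation
    Event(5, "PO-1", "pay",     "dave",  "finance"),
    Event(6, "PO-3", "create",  "alice", "clerk"),
    Event(7, "PO-3", "ship",    "erin",  "warehouse"),  # skips approve and pay
    Event(8, "PO-1", "ship",    "erin",  "warehouse"),
    Event(9, "PO-1", "close",   "alice", "clerk"),
]

if __name__ == "__main__":
    for alert in audit_stream(SAMPLE_EVENTS):
        print(f"seq={alert.seq} {alert.instance}: {alert.reason} (blocked={alert.blocked})")
```

Run against the sample stream, the auditor raises two alerts: event 4 (carol approving the order she created) and event 7 (shipping before approval and payment); every other action, including the correctly authenticated ones, passes. In block mode a rejected action is not recorded, so the instance stays in its last valid state and later steps are judged against that; in audit mode the violating action is recorded and only flagged, which is the safer starting point when the process model is still being validated against real traffic.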
Conclusion
Disclosures of cybersecurity breaches are constant. The damage done, money lost and intellectual property stolen is staggering. State-sponsored attacks have been validated, banks robbed, intellectual property stolen, and even your personal privacy attacked. Studies have clearly stated that you either have been breached or will be breached. The companies researched and quoted above have clearly stated their cases, have tested their capabilities and together can offer resolutions that specifically address these security issues.
Knowing the reality and reasons behind cyberattacks, it’s time to stop talking and start offering resolution to these serious problems. In the last few weeks, with no uncertainty, we have recognized the immediate need for cybersecurity solutions from our personal privacy to national defense. There is no "it won’t happen to me" anymore. There is no more sticking our heads in the sand. We must immediately deploy prevention and detection technologies to our critical processes or frankly, we could lose it all.